Microsoft to patch critical holes in IE, Office, Silverlight

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other rich content, is geared for both Windows and Mac OS X.

"It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work," Kandek said in a blog yesterday. "It will be interesting to see the attack vector for this vulnerability that warrants the 'critical' rating."

The fourth and final critical patch applies to a flaw in Microsoft's Sharepoint server and so affects only business customers. The other three patches are rated as important, which means the holes they address are not as serious, though Microsoft still advises users to install them.

Assuming Windows Update is set to automatic, critical patches are automatically installed. Important patches must be selected by the user in order to be installed.